Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

The report summarizing the public comment makes clear what seemed obvious for a long time: Intellectual property interests and law enforcement are dead-set against any privacy protections in whois. Their remarks dominated the public comment, according to the report.

The proposal at issue, called OPOC (Operational Point Of Contact), replaces the current whois rules that state real names, addresses, phone numbers and e-mails be included in public whois records for a registered domain, with a single point of contact that is not necessarily the actual registrant. Like private registrations such as GoDaddys DomainsByProxy, there would be a contact to take care of operational matters and who could get in touch with the actual registrant, if necessary, but no third parties could directly contact the registrant except by going through the OPOC.

Both the intellectual property and law enforcement concerns start from the assumption that the whois records contain useful information that will allow them to track down the domain owner. This has been true in the past and is probably less true every day. Its not hard for registrants to hide their identities if they want to be hidden, either with mostly false information or through a privacy service like DomainsByProxy. And there are plenty of shady registrars out there who cant be expected to cooperate with rules about requiring accurate whois information.

There is one important exception where quick access to the actual registrant is important: In many cases, malicious sites are actually legitimate sites that have been hacked to host malware, phishing or whatever. In such cases, often law enforcement (or other private investigators) can contact the actual registrant and have them clean up the site.

This is a beautiful story, but you still dont need actual registrants contact information to do it. OPOC doesnt mean you cant reach the registrant, just that you have to reach them through the OPOC, which is probably a registrar or hosting service for most people. Some of the public comments objecting to OPOC complained that there werent sufficient assurances that this would be reasonably implemented:

The Whois Working Group did not reach consensus on a critical aspect of the OPOC policy such as standards for the timely transmission of requests, mechanisms for enforcing OPOC compliance with its obligations, and the mechanisms for providing legitimate third parties with access to unpublished data.
Sheesh! After all this time they didnt come up with a rule defining how long the OPOC has to respond to a law-enforcement request? If so, maybe OPOC is useless.

With OPOC all but destined to the death sentence of long-term study, some geniuses in the pro-OPOC group thought up the attention-grabbing proposal, according to the GNSO report, that:

If OPOC is not implemented, all non-consensus Whois provisions in registry and registrar agreements should sunset.This has been widely reported as calling for the death of whois, but notice the weasel words "non-consensus" in there. This proposal has exactly as much potential for implementation as OPOC itself, and is therefore a waste of bits on the disk.

In the end it was silly to think OPOC had a chance. Nobody who matters backed it. Even the large registrars have more of an interest in keeping private registration as a fee-based service that they can "up-sell" to customers, and perhaps we can expect that business to grow. At least theres an option for people and theres competition in it, too.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers blog Cheap Hack

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.